
Payment cards: Top target in data breach attacks

"Hacking gets the criminal in the door but malware gets him the data"

Tags: malware, data, card, payment

By Elinor Mills

Published: 16 April 2009 11:02 GMT

More records were breached in 2008 than in the previous four years combined as a result of a few large breaches involving payment cards, according to a report released on Wednesday.

Last year, 295 million records were compromised and there were 90 confirmed breaches, the Verizon Business 2009 Data Breach Investigations report found.

The top five breaches accounted for 93 per cent of total records compromised. As a percentage of caseload, 80 per cent were payment card breaches, while payment card data represented 98 per cent of all records compromised last year.

PIN data was increasingly targeted in 2008 in attacks in which magnetic-stripe data and PIN data were used for identity fraud. For example, criminals used the data to make ATM withdrawals from victims' accounts.

PIN data stolen in a breach at payment processor RBS WorldPay was used to clone cards and withdraw millions of dollars from victim bank accounts last year.

More than three-quarters of organisations suffering payment card breaches were found to be not compliant with PCI data security standards or had never been audited. The typical organisation had met less than a third of the requirements in the standards, the report found.

Of the total breaches, 75 per cent came from external sources, 39 per cent involved multiple parties, 32 per cent involved business partners and in 20 per cent of the cases insiders were implicated. Three-quarters of the breaches were undiscovered and uncontained for weeks or months.

As for the types of breaches, 64 per cent resulted from malicious hacking, 38 per cent used malware, 22 per cent involved privileged misuse, and nine per cent used physical attacks such as equipment theft or tampering.

In about four out of 10 hacking-related breaches, an attacker gained unauthorised access to the victim via one of the many types of remote access and management software, typically provisioned to third parties for remote administration.

During 2008, malware was involved in more than a third of the cases investigated and contributed to nine out of 10 of all records breached.

"Malware is now an essential component to nearly all large-scale data breach scenarios," the report said. "Hacking gets the criminal in the door but malware gets him the data."


This chart shows threat categories by per cent of breaches (black) and records (red). Credit: Verizon

Original article: Report: Payment card data was top target in 2008 from CNET News.com
